Skip to main content
CVE-2025-69203 MEDIUM POC PATCH This Month

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 6.3 MEDIUM]

Information Disclosure Signal K Server
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-15410 MEDIUM POC This Month

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15408 MEDIUM POC This Month

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15407 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0544 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15409 MEDIUM POC This Month

Online Guitar Store versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-68273 MEDIUM POC PATCH This Month

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 5.3 MEDIUM]

Information Disclosure Signal K Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15405 MEDIUM POC This Month

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. [CVSS 4.3 MEDIUM]

CSRF Phpems
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48768 MEDIUM This Month

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. [CVSS 6.5 MEDIUM]

Apache Null Pointer Dereference Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14627 MEDIUM This Month

The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the `upload_function()` method. [CVSS 6.4 MEDIUM]

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-21436 MEDIUM PATCH This Month

Eopkg package manager versions before 4.4.0 fail to enforce the --destdir installation path, allowing malicious packages to write files to arbitrary locations on the host filesystem. An attacker can exploit this by distributing a compromised package that bypasses the intended installation directory, potentially overwriting system files or placing malicious content outside the sandboxed installation path. Users are only at risk if installing packages from untrusted or compromised sources; Solus repository packages are unaffected.

Python Eopkg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21437 MEDIUM PATCH This Month

Eopkg package manager versions before 4.4.0 fail to track files included in malicious packages, allowing undetected file installation when users install from compromised sources. An attacker can distribute packages containing hidden files that evade detection by package management tools like lseopkg. Users installing exclusively from official Solus repositories are unaffected.

Python Eopkg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13820 MEDIUM This Month

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD WPScan
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69413 MEDIUM PATCH This Month

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists. [CVSS 5.3 MEDIUM]

Information Disclosure Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66023 MEDIUM PATCH This Month

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). [CVSS 4.9 MEDIUM]

Use After Free Memory Corruption Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-14428 MEDIUM This Month

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'my_sticky_elements_bulks' function in all versions up to, and including, 2.3.3. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy